Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CMS Made Simple 权限许可和访问控制漏洞
Vulnerability Description
CMS Made Simple 1.1.3.1 在一些情况下没有检测分配给用户的特权,这会允许远程验证用户执行一些管理操作,如(1) adding a user可以借助对admin/adduser.php提交的直接请求,添加用户,和(2)可以借助一个"admin/adminlog.php?page=1"请求,读取admin登录信息。
CVSS Information
N/A
Vulnerability Type
N/A